
Cloudflare Improves Privacy by Encrypting the SNI During TLS Negotiation

Cloudflare today announces support for encrypted Server Name Indication, a mechanism that makes it more difficult to track users' browsing. A web server can host multiple websites, with all of them sharing the same external IP address. This is possible through virtual hosting, a method that allows splitting the resources among available domain names. Server Name Indication (SNI) is a component of the TLS protocol that makes it possible for a server to present different TLS certificates that validate and secure the connection to websites behind the same IP address. An application with SNI support includes the hostname it is trying to reach at the beginning of the handshake process with the server. This initial conversation in the TLS negotiation process happens in the clear, exposed to every node along the way, allowing an observer to track users or to influence (block, slow down) the connection to websites it does not sympathize with. An encrypted SNI (ESNI) eliminates the risk of exposing the destination name.